Managing Windows Insider Preview Builds within the organization

This week is al around managing Windows Insider Preview Builds. Even though it’s not a new subject, it’s good to at least get a refresher. Especially when mentioning the Windows Insider Preview for Business program, as it’s often still unknown. The fun part, however, is that it’s actually pretty simple to get started. For organizations, the Windows Insider Preview for Business program enables them not having to register each device or user in the program and to easily set important policies around preview builds. The only requirement is to register an Azure AD tenant, so it can be used for authentication.This post walks through that requirement and more, as prequisites for configuring Windows Insider Preview Builds within the organization, followed with the steps for creating …

Read more

Allowing users to opt-in for Windows 11 by using access packages

This week is all about providing users with an easy method to opt-in for using Windows 11. That easy method can be created by using standard functionality that is provided by Azure AD entitlement management – an identity governance feature – and that can be used to automate access request workflows, access assignments, reviews, and expiration. More specifically, entitlement management introduces the concept of an access package and those packages provide an easy method to govern access. In a way, an access package can be used to create a simple automated flow to allow users to opt-in for Windows 11. That can be achieved adding the user to an Azure AD group and using that group for the assignment of a feature update deployment. This …

Read more

Microsoft Tunnel Gateway: A quick overview

This week my post is a few days later, as my post is an extension of my session at the Nordic Virtual Summit Second Edition. At the virtual summit I did a session about Getting access to on-premises resources with Microsoft Tunnel. During that session I shared the information around the architecture of Microsoft Tunnel and I zoomed in on getting up-and-running with Microsoft Tunnel and getting insight in Microsoft Tunnel. This post will provide a quick summary of that session about the different important components of Microsoft Tunnel and how to get connected to Microsoft Tunnel. Most of that information will be summarized in tables and slides. The slides (PDF) of that session are available for download here. Main components of Microsoft Tunnel The Microsoft Tunnel …

Read more

Customizing the default app associations on Windows 11 devices

This week is another follow-up on the posts of the last weeks about customizing Windows 11 devices. This week, however, is focused on customizing the default app accosiations on Windows 11 devices. Customizing the default app associations enables organizations to associate specific apps with file and link types, for their users. Besides that, this post is also an updated version of this post of over four years ago. Even though not a lot has changed, the configuration did become easier. This post goes through the creation of the required app assocations file, folowed with applying that file on Windows 11 devices. This post ends with showing the user experience with the customized app assoications. Important: My personal opinion is that – as with every other …

Read more

Customizing the Taskbar on Windows 11 devices

This week is a follow-up on last weeks post about customizing the Start menu layout on Windows 11 devices. This week, however, is focused on customizing the Taskbar layout on Windows 11 devices. Customizing the Taskbar layout enables organizations to create a standardized layout for their users. With the arrival of Windows 11, the configuration options for customizing the Taskbar layout have changed. Especially from a setting-by-setting perspective the options are now rather limited. This post does a quick breakdown of the Taskbar layout in Windows 11 and the different configurations that are available, per section. That breakdown is followed with a zoom-in on the actual configuration for creating the standardized layout. This post ends with showing the user experience with a customized Taskbar layout. …

Read more

Customizing the Start menu layout on Windows 11 devices

This week is all about customizing the Start menu layout on Windows 11. Customizing the Start menu layout enables organizations to create a standardized layout for theirs users by pinning apps, removing default apps, ordering apps and more. The configuration of such a standardized layout has changed from Windows 10 to Windows 11. To create a standardized layout for Windows 11, the IT administrator must use a JSON-file. In previous versions of Windows, that required a XML-file. That configuration change, justifies an explanation about the Start menu layout in Windows 11 and the different configuration options. This post breaks down the new Start menu layout in Windows 11 and the different configuration options that are available, per section. That breakdown is followed with a zoom-in …

Read more

Simplifying targetting groups of apps with app protection policies

This week is all about the simplification in targetting groups of apps with app protection policies and a followup on my tweet of last week. That tweet provided a quick peak at the new targetting options of app protection policies for Android and iOS/iPadOS devices. The great thing about that simplification is that app protection policies can now be targeted at different categories (or groups) of apps. Those categories of apps are All apps, All Microsoft apps and Core Microsoft apps, and are dynamically updated to include the appropriate apps. That dynamic update will make sure that the already created app protection policies are automatically updated with the latest apps that are available for the different categories and will also make sure that newly created …

Read more

Controlling devices connected to Windows devices

This week is all about device control. Device control is often referred to as a feature of Microsoft Defender for Endpoint and is focused on preventing data leakage. That is achieved by limiting the devices that can be connected to a Windows device. The idea is also pretty straight forward: control which devices can connect to a Windows device. That can be achieved by looking at the hardware device installation, at the removable storage and at the bluetooth connections. Besides that it’s even possible to get creative with printers. Most of these settings – with exception of the printer settings – are configurable via the endpoint security options, but most settings are actually configured via different CSPs on the Windows device. This post will walk …

Read more

Getting new users quickly up-and-running with Temporary Access Pass

This week is a little follow-up on a post of a couple of months ago and about connecting pieces of the puzzle. That post was around Temporary Access Pass (TAP). Even though that post was focused on Windows devices, it did provide some hints for using TAP on mobile devices (Android, iOS) also. An often seen and heard challenge is related to getting new user up-and-running. Especially when requiring Multi-Factor Authentication (MFA) for device enrollment, or when trying to work completely passwordless. Those scenarios introduce chicken-and-egg situations as a device must be registered for usage with MFA and the registration requires MFA, or when trying to work passwordless and an authentication method must be registered to be able to work passwordless. So, to get a …

Read more

Getting started with Test Base for Microsoft 365

This week is about something relatively new, but especially something rather unknown. And that is Test Base for Microsoft 365 (Test Base). Test Base is a validation service based in a secure Azure environment, that enables Software Vendors (SVs) and System Integrators (SIs) to validate their applications against pre-released Windows security and feature updates. The best part is that it also enables customers and partners to do the same. That enables organizations to automatically test their critical business app with the upcoming Windows security and feature updates. A sort of automated testing. That helps organizations to be even better prepared for the upcoming Windows security and feature updates. This post is to create more awareness for Test Base and to make sure that organization are …

Read more